[users@httpd] mod_rewrite and rewriting REMOTE_USER

[Martin Sperl <ma...@ucpmorgen.com>]

Hi!

I have been doing a lot of research regarding SSL User-Authentication 
and I am finally coming to a problem that has nothing to do with mod_ssl 
but can also be reproduced with plain http...

(Actually i want to suppress some information from the much to verbose 
mod_ssl FakeBasicAuth.)

Basically the setup:

RewriteEngine On
RewriteLog /tmp/rewrite.log
RewriteLogLevel 9
  <Directory /var/www/cgi-bin>
      Options +FollowSymLinks +ExecCGI
      AuthName "Please enter the password"
      AuthType Basic
      AuthUserFile /tmp/htpasswd
      Require valid-user
      RewriteEngine On
      RewriteCond %{REMOTE_USER} ^(.*)$
      RewriteRule ^(.*)$ $1      [E=REMOTE_USER:x%1x,L]
  </Directory>

and for a request to: /cgi-bin/env.cgi with a user "a" I see the 
environment variable:
REMOTE_USER=a

If I mofify the RewriteRule so that it looks like this:
      RewriteRule ^(.*)$ $1      [E=REMOTE_USER1:x%1x,L]
I get:
REMOTE_USER=a
REMOTE_USER1=xax

(the REMOTE_USER1 is what I would like to get in REMOTE_USER!)

the rewrite.log gives the following:
192.168.69.254 - - [11/May/2003:13:16:21 +0200] 
[<hostname>/sid#8087e48][rid#808be78/initial] (2) init rewrite engine 
with requested uri /cgi-bin/env.cgi
192.168.69.254 - - [11/May/2003:13:16:21 +0200] 
[<hostname>/sid#8087e48][rid#808be78/initial] (1) pass through 
/cgi-bin/env.cgi
192.168.69.254 - a [11/May/2003:13:16:21 +0200] 
[<hostname>/sid#8087e48][rid#808be78/initial] (3) [per-dir 
/var/www/cgi-bin/] strip per-dir prefix: /var/www/cgi-bin/env.cgi -> env.cgi
192.168.69.254 - a [11/May/2003:13:16:21 +0200] 
[<hostname>/sid#8087e48][rid#808be78/initial] (3) [per-dir 
/var/www/cgi-bin/] applying pattern '^(.*)$' to uri 'env.cgi'
192.168.69.254 - a [11/May/2003:13:16:21 +0200] 
[<hostname>/sid#8087e48][rid#808be78/initial] (4) RewriteCond: input='a' 
pattern='^(.*)$' => matched
192.168.69.254 - a [11/May/2003:13:16:21 +0200] 
[<hostname>/sid#8087e48][rid#808be78/initial] (2) [per-dir 
/var/www/cgi-bin/] rewrite env.cgi -> env.cgi
192.168.69.254 - a [11/May/2003:13:16:21 +0200] 
[<hostname>/sid#8087e48][rid#808be78/initial] (5) setting env variable 
'REMOTE_USER' to 'xax'
192.168.69.254 - a [11/May/2003:13:16:21 +0200] 
[<hostname>/sid#8087e48][rid#808be78/initial] (3) [per-dir 
/var/www/cgi-bin/] add per-dir prefix: env.cgi -> /var/www/cgi-bin/env.cgi
192.168.69.254 - a [11/May/2003:13:16:21 +0200] 
[<hostname>/sid#8087e48][rid#808be78/initial] (1) [per-dir 
/var/www/cgi-bin/] initial URL equal rewritten URL: 
/var/www/cgi-bin/env.cgi [IGNORING REWRITE]

As you can see the environment variable gets set but seems to be 
overwritten later on again!

Also using FastCGI Authentication and passing back "REMOTE_USER: 
<dummy>" together with an OK response does not help!

Is there a way to do this, or does this require a patch to apache?

Cheers,
	Martin

P.s: My environment is a fresh installation of RH7.3 (no updates!)


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org